<?php

/**
 * wysiwyg_to_html() - Transforms wysiwyg raw data to standard html.
 * It rips all dangerous tags, transforms to standard html
 * At the point the function returns data, it should be safe
 * @param mixed $rawFeed
 * @return
 */
function wysiwyg_to_html($input) {
    $output = str_replace("&#34;", '"', $input);
    $output = str_replace("&#39;", "'", $output);
    $output = str_replace("&#60;", "<", $output);
    $output = str_replace("&#62;", ">", $output);
    $output = str_replace("&lt;", "<", $output);
    $output = str_replace("&gt;", ">", $output);
    // Todo : improve detection for $style
    $output = str_replace('WEBROOT', config_get("application.http_webroot"), $output);
    return $output;
}

/**
 * security_clean_input() - Transforms quotes and tags to entities to avoid malicious injection
 *
 * @param mixed $input
 * @return
 */
function security_clean_input($input) {
    $output = str_replace('"', "&#34;", $input);
    $output = str_replace("'", "&#39;", $output);
    $output = str_replace("<", "&#60;", $output);
    $output = str_replace(">", "&#62;", $output);

    return $output;
}

/**
 * security_restore_output() - Set backs quotes.
 *
 * @param mixed $input
 * @return
 */
function security_restore_output($input) {
    $output = str_replace("&#34;", '"', $input);
    $output = str_replace("&#39;", "'", $output);
    $output = str_replace("&#60;", "<", $output);
    $output = str_replace("&#62;", ">", $output);
    return $output;
}

?>